Interpreting Emergent Features in Deep Learning-based Side-channel Analysis
This work addresses the need for security evaluators to understand attacks to propose better countermeasures, though it is incremental in applying existing interpretability methods to SCA.
The paper tackles the interpretability problem in deep learning-based side-channel analysis (SCA) by applying mechanistic interpretability to neural networks, revealing how models exploit leakage in traces and recovering secret masks, moving evaluation from black-box to white-box.
Side-channel analysis (SCA) poses a real-world threat by exploiting unintentional physical signals to extract secret information from secure devices. Evaluation labs also use the same techniques to certify device security. In recent years, deep learning has emerged as a prominent method for SCA, achieving state-of-the-art attack performance at the cost of interpretability. Understanding how neural networks extract secrets is crucial for security evaluators aiming to defend against such attacks, as only by understanding the attack can one propose better countermeasures. In this work, we apply mechanistic interpretability to neural networks trained for SCA, revealing \textit{how} models exploit \textit{what} leakage in side-channel traces. We focus on sudden jumps in performance to reverse engineer learned representations, ultimately recovering secret masks and moving the evaluation process from black-box to white-box. Our results show that mechanistic interpretability can scale to realistic SCA settings, even when relevant inputs are sparse, model accuracies are low, and side-channel protections prevent standard input interventions.